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Period for Reply 

. A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
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earned patent term adjustment. See 37 CFR 1.704(b). 
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1)S Responsive to communication(s) filed on 8/18/2006 . 
2a)H This action is FINAL, 2b)n This action is non-final. 

3) 0 Since this application is in condition for allowance except for fomnal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 
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4) ^ Claim(s) 1-20 is/are pending in the application, 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) 13 Claim(s) 1-20 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 20 July 2000 is/are: a)^ accepted or b)n objected to by the Examiner, 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action orfonm PTO-152. 
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application from the International Bureau (PCT Rule 17.2(a)). 
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DETAILED ACTION 

1 . Claims 1-20 are pending. 

2. Amendment submitted 1 8 August 2006 has been received and entered. 

Response to Arguments 

3. Applicant's arguments filed 1 8 August 2006 have been fully considered but they 
are not persuasive. 

4. Applicant has argued on page 7 that the Tumblin reference's NSIM cannot be 
equivalent to the claimed upper connection layer. Applicant asserts this by arguing that 
it is the SIM that establishes a new session/connection and arguing that it is the SIM 
that provides connectivity. Examiner contends that these arguments fail to establish that 
the NSIM cannot be viewed as an upper connection layer. In systems such as TCP/IP 
and OSI, connection layers are divided up whereby each layer provides particular 
functionality for a connection. It is the lower connection layers, such as the data link 
layers, that generally provide the actual connectivity and it is the upper connection 
layers that generally provide for data formatting, security, and prevention of data loss. 
Examiner notes that the division of functionality differs for each system and the above 
description is merely meant as an example. However, Examiner maintains that even if 
Applicant's contention that connectivity is provided by the SIM is true, it does not 
necessarily follow that the NSIM cannot be viewed as an upper connection layer. 
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5. Applicant further argues on pages 7-8 that Tumblin's security non-extensible 
application is not "security unaware." Applicant supports this assertion by arguing that 
the security non-extensible application merely is not capable of security and asserts 
there is a distinction between security aware and security capable. Examiner 
respectfully disagrees. Tumblin's security non-extensible applications are not security 
capable and they are not security aware. ■ Tumblin's security non-extensible applications 
attempt to create connections by calling Winsock, a standard connection request 
function (Tumblin, column 8 lines 19-21). This connection request is then intercepted 
by the NSIM which then takes over providing for the new connection by interfacing with 
the SIM to authenticate and provide security (Tumblin, column 8 lines 21-67). Since the 
security non-extensible application makes a standard connection call that is intercepted 
it cannot be said that the application is security aware. 

6. Further, Examiner notes that the security non-extensible application does not 
intentionally direct data to the NSIM as asserted by Applicant on page 8. Instead, as 
noted above, the NSIM intercepts data. 

7. Applicant further argues on pages 8-9 that the NSIM is not an upper connection 
layer of a protocol stack. Examiner respectfully disagrees. A transport protocol stack is 
a series of software implementations that work to transport data between two points. 
Tumblin's NSIM and SIM work in exactly this manner. Tumblin teaches an upper 
connection layer of a transport protocol stack receiving application data directly from an 
application (Tumblin, column 8 lines 10-35) by disclosing the application directly 
submitting data to the NSIM (viewed as the upper connection layer). The application 
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data is then passed to the security layer (Tumblin, column 8 lines 10-35) as is 
evidenced by the passing of application data from the NSIM (upper connection layer) to 
the SIM (security layer "security integration module"). 

8. Finally, Applicant argues that Tumblin fails to teach a connection specific API that 
is not associated with security. Examiner respectfully disagrees. Tumblin teaches 
directly receiving application data, from an application, at an upper connection layer of a 
transport protocol stack (Tumblin, column 8 lines 19-28), wherein the application data is 
received from the application using a connection specific application programming 
interface (API) desired for communication by the application and which is not associated 
with security (Tumblin, column 8 lines 19-28, NSIM creates new connection). The 
connection specific API is not associated with security because the SIM, security 
integration module, provides the security services. 



Claim Rejections - 35 USC § 102 



9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 
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10. Claims 1-2, 4, 6-9, 12, 14-18, and 20 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Tumblin et al US Patent No. 6,490,679. Tumblin teaches a system 
for seamless integration of application programs with security key infrastructure. 

1 1 . With regards to claims 1 and 7, Tumblin teaches directly receiving application 
data, from an application, at an upper connection layer of a transport protocol stack 
(Tumblin, column 8 lines 19-28), wherein the application data is received from the 
application using a connection specific application programming interface (API) desired 
for communication by the application and which is not associated with security (Tumblin, 
column 8 lines 19-28, NSIM creates new connection), passing the application data from 
the upper connection layer to a security layer from within the transport protocol stack 
and unbeknownst to the application (Tumblin, column 8 lines 19-21 and Figure 7 Item 
210), encrypting the application data within the security layer (Tumblin, column 8 lines 
45-53), passing the encrypted application data from the security layer (Tumblin, Figure 
7 Item 290) to a lower connection layer of the transport protocol stack (Tumblin, column 
9 lines 45-49 and Figure 7), and sending encrypted application data from a lower 
connection layer out a network connection (Tumblin, column 9 lines 45-49 and Figure 
7). The application disclosed by Tumblin is not required to perform security handshakes 
in order to send encrypted application data over the network (Tumblin, column 9 lines 
50-53 and column 8 lines 10-11), the connection layer supports at least one network 
transport protocol and the security layer is not specific to the transport protocol 
(Tumblin, column 8 lines 19-22), 
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12. With regards to claims 2 and 16, Tumblin teaches receiving encrypted application 
data at the lower connection which came in at the network connection (Tumblin, column 
9 lines 38-49, Figures 2 and 7), decrypting the application data within the security layer 
(Tumblin, column 9 lines 39-45), passing the decrypted application data from the upper 
connection layer to the application (Tumblin, column 8 lines 19-20, column 9 lines 39- 
49, Figures 2 and 7) without requiring that the application perform a security handshake 
(Tumblin, column 9 lines 50-53 and column 8 lines 10-11). 

13. With regards to claims 8-9 and 17, Tumblin teaches connection layers 
comprising code for performing a WinSock network transport protocol (Tumblin, column 
8 lines 19-22) and a Secure Socket Layer Session (Tumblin, column 7 lines 16-20). 

14. With regards to claim 12, Tumblin teaches the security layer and at least one of 
the connection layers identifying a particular application and its cryptographic properties 
(Tumblin, column 8 lines 19-27 and 45-53). 

15. With regards to claims 4 and 14, Tumblin teaches a means for establishing a 
secure connection using a specified handshake mode (Tumblin, column 7 lines 16-20 
and column 8 lines 19-22). 

16. With regards to claim 15, Tumblin teaches a legacy application that performs 
security handshakes (Tumblin, column 6 lines 15-24) and a security module that 
supports a secure connection to the legacy application (Tumblin, column 6 lines 22-24). 

17. With regards to claim 18, Tumblin teaches the receiving of the encrypted 
application data at the lower connection layer using a transport model (Tumblin, column 
8 lines 10-22), 
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18. With regards to claim 20, Tumblin teaches a secure network communications 
protocol stack interface which is callable from at least the lower connection layer 
(Tumblin, column 9 lines 38-60). 

Claim Rejections - 35 USC § 103 

19. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

20. Claims 3 and 10 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Tumblin et al US Patent No. 6,490,679 in view of SSL-Talk List FAQ Secure Sockets 
Layer Discussion List FAQ v1.1.1 ("SSL-Talk List FAQ). 

21. With regards to claim 3, Tumblin, as described above, fails to teach the lower 
connection layer establishing a connection with a handshake mode that is at least one 
of an interactive mode and a blind-root accept mode. The SSL-Talk List FAQ teaches 
the use of an interactive mode when establishing a connection with a handshake (SSL- 
Talk List FAQ, Section 5.3). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to utilize the FAQ's suggested interactive 
mode with Tumblin's system because it offers the advantage of allowing a user to 
override a failed attempt to authentication a server (SSL-Talk List FAQ, Section 5.3). 

22. With regards to claim 10, Tumblin as modified fails to teach the connection layer 
performing transport layer security sessions. The SSL-Talk List FAQ teaches the 
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inclusion of Transport Layer Security Protocols within secure communication systems 
(SSL-Talk List FAQ, Section 6.2.1). 

23. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Tumblin 
et al US Patent No. 6,490,679 in view of Samar US Patent No. 6,304,974. Tumblin, as 
described above, fails to teach the changing of a list of trusted roots for a secure 
connection. Samar teaches the changing of a list of trusted roots (Samar, column 7 line 
53 - column 8 line 7). At the time the invention was made, it would have been obvious 
to a person of ordinary skill in the art to utilize Samar's method of updating lists of 
trusted roots with Tumblin's system because it offers the advantage of allowing a user 
to avoid a particular certificate authority if the user does not have confidence in their 
entity authentication (Samar, column 2 lines 4-13). 

24. Claims 11 and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Tumblin et al US Patent No. 6,490,679 in view Novell NetWare Connection 
Enhanced NetWare 5 "What* s Enhanced in NetWare 5." 

25. With regards to claims 1 1 and 19, Tumblin, as described above, fails to teach an 
application comprising code for providing lightweight directory access protocol services. 
"What's Enhanced in NetWare 5" teaches the inclusion of applications providing LDAP 
services using a transport protocol in the form of a Novell transport ("What's Enhanced 
in NetWare 5", Section "Lightweight Directory Access Protocol LDAP support"). At the 
time the invention was made, it would have been obvious to a person of ordinary skill in 
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the art to utilize the enhancements defined by "What's Enhanced in NetWare 5" 
because it offers the advantage of allowing users to easily access X.500 based 
directories such as NDS. 

26. Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable over Tumblin 
et a! US Patent No. 6,490,679 in view Microsoft Security Advisor SSL Specific WSAIoctI 
Controls ("MS SSL Advisor"), Tumblin, as described above, fails to teach the identifying 
of a function as a call back function. The MS SSL Advisor teaches the use of a call 
back function (MS SSL Advisor, Page 1/15, Paragraph 2). At the time the invention was 
made, it would have been obvious to a person of ordinary skill in the art to utilize the MS 
SSL Advisor's call back function because it offers the advantage of allowing the service 
provider to access security information from the application as it considers necessary 
(MS SSL Advisor, Page 1/15, Paragraph 2). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
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TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Andrew L. Nalven whose telephone number is 571 272 
3839, The examiner can normally be reached on Monday - Thursday 8-6, Alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571 272 3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571 273 8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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